Can't See Internal Network: ASA 5505

Discussion in 'Cisco' started by Buck Rogers, Jan 19, 2008.

  1. Buck Rogers

    Buck Rogers Guest

    Hello All,

    I have an ASA 5505 connected at a client and I can access the
    internet with no problem. However, I can't see/peruse their internal
    network. Below is the config. Will you give me a critique of the
    config and a possible explanation why I can't see the internal
    network? I have yet to try VPN.

    Also, this client previously had a Pix 501 and the config needed an
    "isakmp nat-traversal 1200" line in the config. When I put the same
    line in the ASA config, I couldn't access the internet. Without the
    line, I can. Again, will you give me an explanation as to why?

    Any further info needed will be provided.



    ASA Version 7.2(3)
    hostname xxxx
    domain-name xxxxxxxx
    enable password EPFuQGl0PmoKEsli encrypted
    interface Vlan1
    nameif inside
    security-level 100
    ip address
    interface Vlan2
    nameif outside
    security-level 0
    ip address dhcp setroute ****client is using DYNDNS****
    interface Vlan3
    no forward interface Vlan1
    nameif dmz
    security-level 50
    no ip address
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    passwd 1uciNxnXZFirVGRB encrypted
    ftp mode passive
    dns server-group DefaultDNS
    domain-name xxxxxx
    access-list xxxxx_splitTunnelAcl standard permit any
    access-list xxxxx_splitTunnelAcl_1 standard permit any
    access-list inside_nat0_outbound extended permit ip any
    pager lines 24
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu dmz 1500
    ip local pool xxxx mask
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-523.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00
    sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    http server enable
    http inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map outside_dyn_map 20 set pfs
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh inside
    ssh outside
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    dhcpd address inside
    dhcpd dns xxxxxxxxxxxxxxx interface inside
    dhcpd enable inside

    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    service-policy global_policy global
    group-policy xxxxx internal
    group-policy xxxxx attributes
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value xxxxx_splitTunnelAcl_1
    username xxxxxxxx password HUnPMQd7PYqD/tGX encrypted privilege 0
    username xxxxxxxx attributes
    vpn-group-policy xxxxxx
    username xxxxx password EESlanzMed7BYAKE encrypted privilege 0
    username xxxx attributes
    vpn-group-policy xxxxx
    tunnel-group xxxxx type ipsec-ra
    tunnel-group xxxxxx general-attributes
    address-pool xxxx
    default-group-policy xxxxxx
    tunnel-group xxxxxxx ipsec-attributes
    pre-shared-key *
    prompt hostname context
    : end
    Buck Rogers, Jan 19, 2008

  2. Buck Rogers

    Buck Rogers Guest

    Hello All,

    Boy, do I feel dumb!!

    Problem was the OS firewall stopping the connections.
    After fixing the settings, all is okay. Sorry for the bandwidth.

    However, my question about isakmp nat-traversal is still puzzling me.


    Buck Rogers, Jan 20, 2008

  3. Buck Rogers

    Buck Rogers Guest

    This thread is now closed. All problems solved......all problems
    caused by OP error.

    My Bad,

    Buck Rogers, Jan 21, 2008